I 



WORLD IKTELLECtUAL PROPERTY ORGANIZATION 

Intcfnaiional Bureau 




PCX 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT> 



(51) International Patent Clas^fication : 
G06F 17/60 



A2 



(11) IntemationBl Pbblication Number: WO 00/67177 

(43) international PublkatioD Date: 9 November 2000 (09.1 1.00) 



(21) International ApplicatSon Number: 

(22) International Filing Date: 



PCT/US0Wn732 



28 April 2000 (28.04.00) 



(30) Pnority Data: 
60/131,785 
60/144,633 
6W1723n 



30 April 1999 (30.04.99) US 
19 hi1> 1999(19.07.99) US 
17 December 1999 (17.12.99) US 



(71) Applicant: X.COM CORPORATION |USAJS); 394 UnWeisity 

Avenue, Palo Alio, CA 94301 (US). 

(72) Inventors: LEVCOTN, Max; 469 Gram Avenue #Q, Palo Alto, 

CA 94306 (US). NOSEK. Luke; 469 Grant Avenue #P, 
Palo AUo, CA 94306 (US). THIEL, Peter, 1788 Oak Crtck 
Drive #416, Palo Alto, CA 94304 (US). BANISTER; Scott, 
Alan; 1480 Bay Laurel Drive» Mcnlo Park, CA 9A025 (US). 

(74) Agents: VAUGHAN, Daniel, E; Park & Vaughan UJP, 702 
Maisball Street. Suite 310, Redwood City, CA 94063 (US) 
et al. 



(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG, 
BR, BY. CA. CH, CN, CR, CU, CZ, DE, DK, DM, EE, 
ES, Fl. GB, GD, GE, GH, GM, HR. HU, ID, IL, IN, IS, IP, 
KE, KG. KP, KK. KZ, LC, LK, LR, LS, LT, LU, LV, MA, 
MD, MG. MK, MN, MW, MX, NO, NZ, PL, FT, RO. RU. 
SD, SE. SG, SI, SK, SL, TJ, TM, TR, TT. TZ, UA, UG. 
UZ, VN, YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS, 
MW, SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, 
BY, KG. KZ, MD, RU, TJ, TM), European patent (AT, BE. 
CH. CY, DE, DK, ES. Fl. FR, GB. GR. IE. TT, LU, MC. 
NL, FT, SE), OAPl patent (BP, BJ, CF. CO, CI, CM, GA, 
GN. GW- ML, MR, NE, SN, TD. TG). 



Published 

Without inlernational starch report and to he republished 
upon receipt of that report. 



(54) Title; SYSTEM AND METHOD FOR ELECTRONICALLY EXCHANGING VALUE AMONG DISTOIBUTED USERS 



(57) Abstract 

A system and method are provided for facilitating a value 
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new users, a financial server for irtteracting with external financial 
instiltttions, and a security server for ensuring the security of 
value exchange transactions; In one medkod, a first party iniliales 
a uansactipR on a client (eg., a mobile computing device) bf 
selecting or inputdng an identifier (wluch may be pre-existing, 
such as a teIe|dlone immbcr) of another party and a value to be 
exchanged. The Iransaciicm may be conducted while the parties* 
client devices are electronically connecied or may be conducted 
by one user on one device* Transactions are communicated to a 
system server during a synchronization l)etween a paily*s client 
device and a system server. When the transaction is submitted 
to the system, if the second party is not a registered user of the 
system he or she is mvitcd to register and complete the trarssac6on. 
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SYSTEM AND METHOD FOR ELECTRONICALLY 
EXCHANGING VALUE AMONG DISTRIBUTED 

USERS 

5 BACKGROUND 

This invention relates to the fields of computer systems and communications. More 
particularly, a system and methods are provided for facilitating the exchange of value 
among distributed users through computing devices. 

Existing methods of transferring or exchanging values among multiple persons have 
10 many shortcomings. For example, the use of cash requires regular replenishment, creates 
the need to make change, allows the possibility of theft or loss and has no built-in or easy 
method of keeping records concerning cash payments and receipts. Similarly, checks can 
be forged, they often provide only rudimentary record keeping (e.g., check stubs) and allow 
one to unwittingly overdraw a checking account Credit cards may mitigate some of the 
1 5 problems with cash and checks, but cannot be used for making payments or exchanging 
value between two or more individuals. 

In addition, the formalities of existing value exchange transactions can make them 
inefficient or difficult to complete. For example, transferring money to another person' s 
bank or other financial account may require one to know the person's account number. 
20 That person may understandably be reluctant to divulge such information. 

Thus, vAiaX is needed is a system and method for enabling value transfers without aD 
the shortcomings of existing means and techniques. It would be desirable, for example, to 
allow a value exchange transaction to be conducted using a known or conuxv>n identifier of 
a person (e.g., electronic mail address, telephone number) rather than other, more sensitive, 
2S iiifonnation. 

SUMMARY 

hi cme embodiment of the invention a system and methods are provided for 
conducting a vahie exchange between two or more persons using a distributed value 
30 exchange system. 



1 
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In this embodiment the system may comprise one or more system servers 
coniigured to regjster.a person or other entity (e.g., a business) as a system user and allow 
him or her to ccmduct value exchange transactions with persons who may or may not also 
be registered users. A user then employs a client computing device (e.g., a handheld, 
5 pabntop or desktop computer, a web-enabled telephone, a two«way pager) to initiate or 
conduct a value transfer. The value exchange may be conducted while online with (e.g., 
connected to) the system, while offline, while connected (e.g., via wireless connection) to 
another user^s device, etc. When the transaction is submitted to the system, it notifies 
transaction parties that are as-yet unaware of the transaction and attempts to clear or 
1 0 finalize the transaction and adjust the users' account balances appropriately. 

A comniunication server may be configured to receive connecticms (e.g., wired 
and/or wireless) fi'om persons wishing to become registered users. A synchronization 
server may be configured to facilitate the synchronization of user's client devices with the 
system. During synchronization, users' devices may submit transactions to the system, 
1 S receive information on new or cleared transactions, synchronize account information on the 
system with the information on the client device, etc. A security server may be configured 
to enforce security procedures, possibly using asymmetric and/or sjoiunetric cryptographic 
techniques. A finarKial server interacts with othor system servers and external financial 
institutions to enable a user to inject value into the system and withdraw value firom the 
20 system. One or more databases may store account information for users (e.g., account 
information, transaction details) and help coordinate system activity. 

In one method of conducting a value exchange a person registers with the system, 
an account is created for him and system software is downloaded to his client device. The 
user may then conduct transactions on his client whether he is connected to the system or 
25 not When not cormected, the client stores transaction details and, when later connected to 
the system for synchrcmization purposes* tiploads his transactions to the system and may 
receive transactions initiated by other users. Each transaction may include an identifier of 
ancrther party to the trmisaction and the value to be exchanged. In one embodiment of the 
invention transaction parties may be identified by identifiers that have meaning outside the 
30 system, such as electronic mail addresses, telephone number, social security numbers, etc. 
Thus, the user may initiate a transaction with a person who is not a registered user as long 
as he knows an appropriate identifier of the person. 
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When the system receives a new transaction initiated by a user it attempts to contact 
the other party or parties using the identifier(s) provided by the initiating user. If another 
party is a registered user, the system may also know other methods of contacting the party. 
For a party who is not already a user, he or she is invited to connect to the system, register 

5 and complete the transaction. 

Virtually any means of value transfer may be associated with the system. Users 
may introduce value into their system accounts via credit card» check, cash, electronic funds 
transfer, direct deposit, etc. Value may be withdrawn from the system using the same or 
similar processes. The value that is exchanged between transaction parties may be 

1 0 monetary (e.g., represented by United States dollars or other currency) or have some other 
form, such as credits, affinity points, frequent flier miles, vouchers, barter points, etc. 

DESCRIPTION OF THE FIGURES 
FIG. 1 is a block diagram depicting a system for conducting value exchange 
1 5 transactions in accordance with an embodiment of the present invention. 

FIG. 2 is a flowchart illustrating one method of conducting a value exchange 
transaction in accordance with an embodiment of the invention. 

FIG. 3 depicts one form of an indirect value exchange transaction from a first user 
to a second user performed on the first user^s mobile client device in accordance with an 
20 embodiment of the invention. 

FIG. 4 depicts one form of a direct value exchange from a first user to a second user 
conducted with the user's mobile client devices in accordance with an embodiment of the 
invention. 

25 DETAILED DESCRIPTION 

The following description is ptesented to enable any person skilled in the art to 
make and use the invention, and is provided in the context of particular applications of the 
invention and their requirements. Various modifications to the disclosed embodiments will 
be readily apparent to those skilled in the art wd the general principles defiiied herein may 

30 be applied to other embodiments and applications without departing from the spirit and 
scqpe of the present invention. Thus, the present invention is not intended to be limited to 
the embodiments shown, but is to be accorded the widest scope consistent with the 
principles and features disclosed herein. 

3 
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The program environment in which a present embodiment of the invention is 
executed iDustratively incorporates a general-purpose computer or a special purpose device 
svxh as. a hand-held computer. Details of such devices (e.g., processor, memory, data 
storage, display, wired/wireless communication capability) are omitted for the sake of 
5 clarity. 

It should also be understood that the techniques of the present invention might be 
implemented using a variety of technologies. For example, the methods described herein 
may be implemented in software executing on a computer system, or implemented in 
hardware utilizing either a combination of microprocessors or other specially designed 

10 a]^lication specific integrated circuits, programmable logic devices, or various 

combinations thereof. In particular, the methods described herein may be implemented by 
a series of computer-executable instructions residing on a storage medium such as a carrier 
wave, disk drive, or computer-readable medium. Exemplary forms of carrier waves may 
take the form of electrical, electromagnetic or optical signals conveying digital data streams 

15 along a local network or a publicly accessible network such as the Internet. 

Introduction 

In one embodiment of the invention a system and method are provided for 
facilitating an exchange of value between two or more persons using client computing 

20 devices. Values that are exchanged may be monetary in nature (using any currency) or may 
take other forms, such as credits, debits, discounts, vouchers, certificates, mileage .(e.g., 
frequent flier miles), etc. The computing devices used to conduct an exchange transaction 
may or may not be portable in nature, and may employ virtually any conmiunication media, 
including both wired and wireless. In one implementation, of this embodimoit, at least one 

25 user employs a portable computing device such as a handheld or palmtop computer, a smart 
telephone, a two-way pager, etc. A computing device suitable for this embodiment may 
always be linked to or in communicatimi with another device (e.g., a system server), such 
as a networked personal computer, or may be disconnectable, such as a hand-held personal 
digital assistant (PDA). Thus, a value exchange transaction may be ccmducted ofiline or 

30 online, while coimected or disconnected bom other system compcments. 

A system according to this embodiment of the iiivention includes at least one highly 
accessible computer server configured to facilitate value exchanges. Illustratively, a user 
who wishes to initiate a value exchange or value transfer with another party is registered 
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with the server beforehand (e.g., an account is established for the user on the server). The 
other party may or rpay not be a registered user at the time the transaction is initiated or 
communicated to the system. 

Ld one method of conducting a value exchange according to this embodiment of the 
5 invention an entity involved in the exchange may be known by an identifier that has 
meaning or use outside of the system, such as an electronic mail address, a telephone 
number, a social security number, etc. Illustratively, each such identifier is only associated 
with one person or entity, thus promoting accountability. In an alternative method, 
however, multiple users or accounts may be associated with an identifier. 
10 In one implementation of a method of conducting a value exchange a registered user 

of the system initiates an exchange vfiih an unregistered party by identifying that party to 
the system server by his or her electronic mail address. The registered user may provide 
various details of the value exchange, such as the form of the value (e.g., a monetary 
amount, a number of credits or affinity points), a date on which to effect the transfer, the 
1 5 unregistered party's name, etc. The system may then attempt to contact the unregistered 
party (e.g., via the provided electronic mail address), notify him or her of the value 
exchange, identify the initiating user and invite the unregistered party to connect to the 
server and close the exchange. The unregistered party may be required to register with the 
system in order to close the transaction. For example, if the value exchange is to the 
20 benefit of the unregistered user, he or she may wish to leave the value in the system in order 
to use it to conduct an exchange with yet another party. Ahematively^ the imregistered 

ft 

party inay be pmnitted to provide just enough information (e.g., credit card number, 
address) to allow the system to close the transaction, without being registered. 

In different embodiments of the invention the value exchange may be initiated fay 

25 the p^son who owes or is owed the value to be exdianged. Further, the valw thai is 

exchanged may be of virtually any form and/or may be transformed in nature. F<»r example, 
a monetary amount or a credit or voucher held by a first user and accepted by a second user 
may be transferred from the first user to the second user in exchange for goods or services. 
Or, the value may change fiom one currency to another or from being monetary in nature to 

30 being represented by credits vrith a merchant, frequent flier miles, or some other value. 
Thus, a user may pay for goods or services with value in many different forms, including 
currency or points that are used only within the system (e.g., for transactions between 
users). 
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The system may also be configured to allow users to perform normal banking 
operations (e.g., withdrawals, deposits, transfers), stock transactions, electronic ticketing, 
etc. In another embodiment of the invention a . third party may be involved to hold the value 
in escrow until a transaction is closed. 

5 Value may be introduced into the system (and credited to a user^s account) via casfa^ 

check, debit, or virtually any other method that is presently used or that becomes accepted 
in the business community. Value may exit the system in these and similar forms. 

In alternative embodiments of the invention a distributed system described herein 
may be used for forms of conununication other than value exchanges. For example, in one 

10 alternative embodiment the systein may be used to spread or disperse software among 
multiple users. Illustratively, a registered system user could then provide an unregistered 
person with the system software and thereby allow them to conduct a transaction. 
Advantageously, the software could be transmitted between users' client devices using 
vnitd or wireless communications. 

15 

One Embodiment of a System for Facilitating a Value Transfer 

FIG. 1 depicts an illustrative system for facilitating value transfers according to one 
embodiment of the invention. Alternative embodiments of the invention may incorporate 
any subset of the components of the illustrated system. 

20 The system of FIG. 1 includes central database 102, which is configured to store 

various infonriation used to facilitate value exchange transactions. Illustratively, the 
information stored in database 102 includes accounts for registered users of the system as 
well as various information pertaining to unregistered users participating in or invited to 
participate in a transaction. User information for registered and/or unregistered users may 

25 include user identifiers (e.g., name, electronic mail address, telefdiODe number, network 
address, physical address), transaction records, account balances in one or more differoit 
forms (e.g., money, frequent flier miles, store credits, affinity points, vouchers, coupons, 
discounts), preferred conununication methods (e.g., electronic mail, wireless voice), 
security data> etc. 

30 In the system of FIG. 1, database 102 is accessed by communication server 104, 

synchronization server 106, financial server 108 and possibly security server 1 10. In this 
embodiment, communication server 104 and/or other system servers are configured to 
interact with one or more users through cormnimication network 120. For example, 

6 
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communication server 1 04 may be or may include a web server, telephone switch, DSLAM . 
(Digital Subscriber Line Access Multiplexer), etc, 

A network presence, such as a web site on the Internet, that is hosted by 
communication server 1 04 may serve as a primary access point to the system for new and, 
5 possibly, existing users. Illustratively, users are given account names and passwords with 
which to access the system after being registered. Other forms of security (e.g., digital 
certificates, biometric devices) may be employed in other embodiments of the invention. . 

In one embodiment of the invention a user may download software for his or her 
computing device from communication server 1 04. In particular, communication server 
10 1 04 may allow a person to register with the syston, access and/or modify account 

infonnation, conduct and clear transactions, etc. A user may be required, however, to 
register v^th the system before being able to initiate or close a transaction. 

Synchronization server 106 in the illustrated embodiment is configured to 
synchronize information stored on the system with users* client computing devices and 
1 5 locally stored data. Illustratively, a user may connect to the synchronization server to 

* 

upload and/or download details of transactions (e.g., value exchanges) that involve the user. 
During a synchronization session, a user's client may receive updated account infonnation 
(e.g., reflecting cleared transactions), may authorize the system to charge additional fimds 
to the user (e.g., by charging a credit card or transferring ftmds from a bank account), 
20 access customer service, query the status of a transaction, initiate a new transaction^ etc. 

Financial server 1 08 is configured to interface with one or more fmancial 
institutions, which may, in one embodiment of the invmtion, be external to the system. 
Thus, the financial server may interact with credit card companies, banks (including 
traditional and online banks) and other entities that handle or process value in suitable 
25 forms; in particular, the financial server may be configured to transfer fiinds through the 
ACH (Automated Clearing House). FiiiaiKial server 108 may be configured to 
autraiatically generate a charge or credit to a user's account with an external financial 
institution when the user's system account balance falls below or rises above a 
{redetermined threshold. Further, the external vahie that the system can access for a user 
30 through financial server 1 08 may affect the number of transactions that the user can 
conduct or the amount of value in a transaction. 

Security server 110 may cooperate with one or more of database 1 02, 
communication server 104, synchronization server 106 and financial server 108 to apply. 
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ensure or enforce security for value exchanges and actions related to value exchanges. In 
one embodiment of the invention digital signatures may play a large part of the security 
scheme. DSA (Digital Signature Algorithm), a variant thereof (e.g., ECDSA or Elliptical 
Curve DSA), RSA or other digital signature protocol may be used. Symmetric 
5 cryptographic schemes such as DBS (Digital Encryption Standard) may also be applied in 
the same or different embodiments. Message authentication codes may be used to verify 
the integrity and authenticity of messages exchanged between the system and a user. 

In a present embodiment of the invention public key encryption techniques may be 
used with digital certificates to create cryptographically verifiable transactions and prevent 
1 0 their reptidiation. Symmetric encryption schemes may be employed for secure storage of 
data (e.g., on users* client devices and/or on the system). 

Illustratively the organization operating the value exchange system may act as a 
Certificate Authority and certify individual users, while certified users may, in turn, certify 
individual transactions. Certified users may be issued identity certificates for use in value 
IS exchange transactions. 

An identity certificate may include information such as the user's name, electronic 
mail address (or other meaningful identifier that identifies the user, such as a telephone 
number or social security number), account number or name, etc. Illustratively, an identity 
certificate also includes a public key of the user, which may be used to verify the 
20 authenticity of transactions conducted by the user. 

hodividual users generate transaction certificates for transactions they conduct or 
initiate and the system authenticates than with the users' public keys (e.g., during 
synchronization). A transaction certificate may include the value bdng exchanged, an 
identifier of another party to the transaction, other details (if necessary or desired), and may 
25 be signed with the user's private key. In one embodiment, a user*s client computing device 
generates the public/key pair during user registration, and the private key is retained only 
on the chent device. 

The illustrated system may conununicate with users through various types of 
communication media. Communication network 120 may thus comprise a traditioaal wired 
30 network (e.g., the h)temet) and/or a M^less network usable by portable devices such as 
portable computers (e.g., palmtop or handheld), smart (e.g., web-enabled) telephones, two- 
way pagers, etc. Therefore, users may interact with the system by operating devices such as 
client computer 1 22a, portable client computer or digital assistant 122b, v^rireless telephone 

8 
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122c and/oT other devices capable of communicating with communication server 104 
and/or synchronization server 106. Illustratively, portable client computer 122b may be 
configured to conduct value exchanges with, or conwDunicaie them to, the system 
independently and autonomously. Or, in an alternative embodiment, portable client 
S computer 1 22b may be operated to record details of an exchange in a disconnected mode 
and then, when connected {e.g., docked) with another computing device (e.g., computer 
122a) to forward those details to the system in order to finalize the exchange, and/or 
synchronize with the system. 

A portable client device employed by a user to participate in a value exchange 
10 transaction may incorporate a series of instructions for interacting with the system. For 
example, in one embodiment of the invention a user's client device includes a wallet 
application that allows the user to access his or her account balance(s) while connected to 
the system and/or while disconnected from the system. Illustratively, in this embodiment 
of the invention a user^s device periodically connects to synchronization server 106. 
15 During such a connection the user's device communicates with the server to send and 
receive new transaction information (e.g., details of new value exchanges involving the 
user) and/or receive updated account information (e.g., to reflect closed transactions). The 
user may also authorize or perform other activities involving his or her account, such as 
transfer value to or from a system or institution external to the value exchange system. 

20 

One Method of Conducting a Value Exchange 

In one embodiment of the invention a value exchange transaction may be conducted 
. by a single user (e.g., with his client device), while connected to or disconnected from a 
system server (e.g., conomunication server 1 04, synchronization server 1 06 of FIG. 1 ) or 

25 another party's client In particular, in one embodiment of the invention a user initiates a 
transaction by sutenitting it to the system, whidi then takes action to close the transaction 
by rK>tifying another participant, and possibly registering the other participant with the 
system. In an alternative embodiment, however, a transaction may be conducted in a direct 
commtmication between two (or more) parties, after which details of the transaction are 

30 submitted to one of the system servers. In this alternative embodiment, at least one of the 
parties (e.g., from whom value is being transferred) may be required to be registered with 
the system. 
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Illustratively, a transaction cannot be closed or finalized until the system leams of 
the transaction from one of the involved parties^ identifies the other participant(s) and 
detennines how to transfer the value. Closure of a transaction may include the actual 
transfer of value from one party (e.g., in a first account and/or form) to a second party (e.g., 
5 to another account and/or form). Parties to a transaction may need to be registered with the 
system and/or provide certain information (e.g.» to identify a party, verify a party's identity, 
determining how to transfer value to or from the party) before the transaction can be closed. 

In this section, one or more methods are described for using a value exchange 
system such as that depicted in FIG. 1 to effect a value exchange between two or more 
10 parties. The methods and operations described here may be altered or modified for 

different types of computing devices that a party may employ and/or different system or 
transaction configurations vsithout exceeding the scope of the invention. 

In one embodiment of the invention the system of FIG. 1 may be envisioned as a 
system for facilitating or conducting a financial transaction involving two or more persons. 
IS lUustratively, at least one person in the transaction is already registered (e.g., has an 

account) with the system so that at least one form or conduit for transferring value exists. 
Advantageously, however, a registered user may initiate a transaction with an unregistered 
party, ^o may be identified to the system with an existing identifier such as an electronic 
mail address, telephone ntmiber, IP (Internet Protocol) address, etc. Thus, in this 
20 embodiment identifiers associated wath tmregistered users (and/or registered users) may 
already have significance or use outside of the system and there may thus be some degree 
of assurance that they can be reached through or with those idoatifiers. 

Once known to (e.g.» registered with) the system, however, a user may conduct 
value exchanges and other transactions using portable, semi*portable and other computing 
25 devices. In particular, the system enables a user to ccHiduct a secure transaction from his or 
her client device directly (e.g., to another user or person having a compatibly eqtiipped 
device) or ijMiirectly (e.g., by describing or submitting the transaction to a system server, 
which may then rK>tify another transaction party). 

Illustratively, in a direct transfer the parties may exchange cryptographic tokens in 
30 order to prevoit later repudiation and authenticate the transaction to the system, and, once 
the system is informed of the transaction by at least one party, the transaction can be closed. 
In an indirect transfer the system may contact another party (e.g., by electronic mail or 
telephone) on behalf of an initiating user and, if the party is not already registered, invite 

10 
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thai party to register with the system in order to receive and/or conduct their own transfers 
or exchanges. In one embodiment of the invention the invited party may, of course, be able 
lb satisiy his or her part of the transaction (e.g., receive or pay money or other value) 
vnthout registering with the system. For example, he may send payment to or receive 
5 paymrat from the system in a traditional form (e.g., check, credit card, debit card). 

With reference now to FIG. 2, an illustrative method of conducting an indirect value 
exchange transaction according to one embodiment of the invention is presented. The 
illustrated method is suitable for use with the system depicted in FIG. 1 . 

In state 200, a first user (USERl) registers with the system^ one method of which is 
10 described in a following section. Illustratively, as part of the registration process USERl 
provides his or her name and residence/postal address, a meaningful identifier (e.g., 
electronic mail address, telephone nimiber, social security number) and pertinent financial 
information. Financial data provided by USERl may include a credit card or bank account 
to be credited or charged for individual transactions and/or when the value of a transaction 
1 S exceeds a predetermined limit. In particular, users may be assigned limits on how much 
value they can transfer through the system, based on the financial data regarding them, the 
degree to which their personal information (e.g., address) can be verified, etc. The limit 
may affect the size or number of uncleared transactions that a user may be involved in at a 
given time. 

20 A registered user may be assigned an account number or other identifier vrithin the 

system. As mentioned above, however, a party may be included in a transaction by 
specifying an externally meaningfijl identifier (e.g., electronic mail address, telephone 
number) associated with the party. USERl may register with the system, and conduct 
transactions, using virtually any form of client device (e.g., handheld or palmtop computer, 

25 desktop, web-enable telephone) having the ability to conunimicate with another computing 
device (e.g., a system server). 

In the presently described embodiment of the invention a digital certificate is 
generated for or provided by USERl as part of the registration process. Illustratively, a 
certificate generated for USERl includes USERFs name and electn»iic mail address (or 

30 other meaningful identifier) and a public key signed by the system, all of which are 

encrypted by a code (e.g., a Personal Identification Number or PIN) previously assigned to 
or chosen by USERl . In one method of registering a user described in a later section, a 
public/private pair of cryptographic keys is generated (e.g., by the user*s client or security 
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server 110) and the private key is retained only by the client or other computer system 
operated by the user. 

In state 202 USERl enters a transaction in his client using software provided by the 
syston. Illustratively, USERl simply enters the electronic mail address, telephone number 
.5 or other identifier of a party (e.g., USER2) with whom he v^sbes to exchange value, plus 
the value to be transferred. In this embodiment, the value may flow in either direction (i.e., 
from or to USERl). The amount of value that USERl may transfer (if the value is to flow 
to USER2) may be limited to his system account balance (e.g., which may be stored on his 
client and updated when the client synchronizes with the system). This amount may be 
10 decreased by any other transfers (to other users) that have been requested or initiated but 
not yet cleared. If. however, USERl has provided other payment arrangements (e.g., 
through a credit card, electronic funds transfer), then he may be able to exceed his account 
balance. 

USERl may be required to enter a security code (e.g.. Personal Identification 
.15 >Jumber or password) to activate the client system software before entering a Uansaction. 
Illustratively, if an inconect code is entered a predetermined number of times (e.g., ten), the 
ability to enter transactions may be disabled and USERl may be reqxiired to contact or 
synchronize with the system (as described below) in order to re-enable the client software. 
The software may maintain a list of all parties writh whom USERl has previously 
20 conducted a value exchange transaction, in which case he may just select USER2's 

identifier if she is included in the list. The client system software employed by USERl 
may offer multiple transaction options. For example,. USERl may be able to initiate a 
unilateral transfer to (or from) USER2. USERl may also be able to initiate a bilateral 
transacticHi if his client and USER2*s client arc capable of direct (e.g., wireless) 
25 communication. Yet further, USERl may be able to transmit the client system software to 
USER2*s client device. In this case, however, USER2 may not be able to transfer value to 
another party tmtil she registers with the system (and opens an account). 

At some time after entering the transaction in his client, in state 204 USERl 
synchronizes with qmchronization server 106. In particular, USERl initiates whatever 
30 commands or actions are necessary to connect his client with the synchronization server. 
The client may be able to connect directly, perhaps through a wireless connection, or 
through any number of intermediate devices or media (e.g., the Internet). In particular, if 
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USERl *s client is a portable device, he may be required to dock it or otherwise connect it 
to another computer system in order to initiate a connection to synchronization server 106. 

Synchronization may be required on a regular basis (e.g., at least once every thirty 
days).. If this requirement is not satisfied, the client software may automatically prevent 
5 USlERl £pom making payments or initiating transactions. In addition, transactions made on 
USQll *s client may be automatically canceled or nullified if he does not syrKhronize 
within a certain period of time (e.g., thirty days) after entering the transaction in the client. 

In a typical synchronization process according to one embodiment of the invention, 
USERl *s client connects to synchronization server 106 and identifies USERl by his system 
1 0 account number (and/or electronic mail address, telephone number or other meaningful 

identifier). The server locates a user record for USERl (e.g., in database 102) and retrieves, 
a code (e.g., a PIN) as^gqed to or associated with the user. A digital certificate associated 
with USERl , and which is to be transmitted to USERl during synchronization, is then 
encrypted with this code; this digital certificate may be the certificate that was generated 
15 when USERl was registered. Illustratively, however, the digital certificate may be 

augmented with one or more transaction certificates for transactions involving USERl that 
have been reported to the system by other users. The digital certificate may also be used to 
pass a new code (e.g., PIN) to USERl . 

If there is no digital certificate stored on the system for USERl , the synchronizafion 
20 server requests USERl 's password and electronic mail address (or other identifier). If this 
information is v^fied, a new key pair may be generated and a new digital certificate 
issued. 

After the initial synchronization connection is established, the client sends the 
preseitt transaction (and any others it has stored and not already sent) to the server. The 
25 transactiohs may be sent using digital transaction certificates^ as described above. The 

client is informed if any previous transactions of USERl have cleared (e.g., another party in 
a previous transaction may have connected to the system and accepted the transaction), in 
which case they may be removed from the client The server may then prioritize imcleared 
transactions according to some criteria (e.g., date, time, other party(ies), transaction value, 
30 direction of value transfer). 

A user's client (and/or a system server) may maintain a transaction log in which to 
record transactions conducted by and/or involving the user. An entry is then made in the 
log when the user initiates a transaction. An entry may also be made in the log for each 
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transaction (e,g., initiated by another party) that the client learns of from a sy^em server 
(e:g.y during synchronization). Entries may be removed or archived after their associated 
transactions clear. 

In one method of the invention account balances are altered during the 

5 synchronization process. In particular^ USERl *s accoimt is debited for all values beiiig 

transfened away from USERl . Conversely, however, USERl 's account may not be 

credited for incoming valiie transfers initiated by USERl until the other parties to such 

transfers synchronize or otherwise acknowledge or approve them (e.g., tmtil the 

transactions clear). If USERl's system account has an insufiicient balance to make a 

] 0 ti^fer (e.g., to USER2), his credit card or other value stream may be tapped (e.g., by 

financial server 1 08) to cover them. 

Thus, in state 204, once USERl has connected to the synchronization server the 

transaction is coinmunicated to the system along with any other transactions not yet 

submitted. In exchange, the synchronization server may inform the client of any closed 

1 S transactions and download transactions that involve USERl that were initiated by other 

. parties. Therefore, the synchronization process of state 204 may involve updating 

USERrs client and the system v^th various transactions to which USERl is a party. 

Account balances on a system sorver and/or the client may be altered accordingly during 

the synchronization process or afterwards. 

20 In state 206 a system server (e.g., synchronization server 1 06) receives the details of 

the USER1/USER2 transaction (e.g., including an identifier of USER2 and the value to be 

transferred). If the value exchange is from USERl to USER2, USERFs accoimt may be 

automatically debited by the amoimt of the transfer; this may require a charge to a credit 

card or bank account associated with USERl . In the illustrated embodiment, however, 

2S account updates may be postponed until a later stage of the f^ocedure. 

In state 208 the system attempts to inform USER2 of the transaction. In this 

embodimodt the system uses the identifier submitted by USERl (e.g.» by generating an 

automated electronic mail message or voice message). If, however, USER2 is a registered 

system user» her account may be examined to detennine if she has a different, i^fened, 

30 method of receiving transaction communications. If USER2 is not a registered user, the 

automated message includes details concerning what she should do to receive the value. 

For example, a system web site hosted by communication server 1 04 may be identified and 

USER2 invited to connect to the site and register. 
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In State 210, which may occur simultaneously with state 208» the system deteimines 
whether USER2 is a registered user. If so, then she need not register and the procedure 
continues at state 214. 

In state 212^ however^ USER2 is unregistered at the time of the transaction with 
5 USERl and therefore may be required to register before the transaction can be closed, 
particularly if the value is to be transferred from USER2 to USERL By registering with 
the system, USER2 may receive or submit the transaction value u^g virtually any normal 
means for conveying value (e.g., credit card, check, debit card, electronic funds transfer). 
However, in one alternative embodiment of the invention USER2 may not be required to 
1 0 register. In particular, in this alternative embodiment she may be able to make a one-tinie 
payment to or withdrawal from the system (e.g., with a credit card or check). 

In state 2 1 4 USER2 accepts or acknowledges the transaction. Acceptance may be 
implied if she was an unregistered party and registers in response to the invitation from the 
system. State 21 4 may only be required for transactions in which the value is to be 
15 transferred from USER2 to USERl . Li other words, when a first user initiates a transaction 
to transfer value to another user, the other user^s acknowledgement may not be needed. 
However, if a first user initiates a transaction to receive value from another user, it may be 
necessary to receive approval firom the other user before closing the transaction. 

In state 216 the transaction is closed by altering system account balances for USERl 
20 and USER2 according to the value of the transaction. In addition, the user that is providing 
vahie to the other party may need to inject additional value into the system in order to cover 
Hit transaction. Thus, financial server 1 08 may charge the user's credit card, conduct an 
electronic funds transfer or take other action. Further, if there is a limit or maximum on the 
receiving user's account balance, the financial server may credit value to his or her credit 
25 C2ffd, debit card, bank account, etc. 

In state 21 8 the chent devices fcH^ USERl and USER2 are updated according to the 
transaction (and, possibly, other transactions). If, however, USERl or USER2 are 
disconnected from the system at the tune, their devices may be updated (e.g., by 
synchrmiization server 106) the next time they connect. ARei state 21 8 the illustrated 
30 procedure ends. 

In a present embodiment of the invention USERl may be granted affinity points or 
some other reward for introducing a new user to the system. In particular, if USER2 was 
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not a registered user at the time USERl submitted the transaction to the system, he may be 
rewarded if USER2 registers in response to the transaction notification fipm the system. 

The embodiment of the invention illustrated in FIG. 2 and described above is but 
one method of conducting a value exchange with a system such as that depicted in FIG. 1 . 
5 This method may be readily modified to accommodate the use of various types of client 
devices^ communication media and communication sequences. In particular, the preceding 
method may be applied as described, or slightly altered, to conduct a value exchange 
between a registered user and an unregistered party, between two or more registered users, 
or in virtually any circumstance in which value is being exchanged. 
1 0 FIG. 3 depicts one form of an incfirect value exchange performed by one user on a 

mobile client device. In FIG. 3 UseiA enters the value exchange in her device, ClientA. 
The transaction is then submitted to a system Sicrver, possibly during a synchronization 
process. The amount of the value (if UserA is authorized to transfer the full value) is 
removed from UserA's account and UserA's client device is updated with her new account 
15 balance. Additional iimds or value may be retrieved from a bank, credit card, ACU, or 

other financial source associated vnXh UserA if her account balance fails below a minimum 
level or the transfer is necessary in order to complete the requested exchange. The value is 
dqK>sited in UserB's account, which may require an account to be created for UserB if be is 
not already a registered user. 
20 In one embodiment of the invention the value of a transaction may be held in 

escrow. In this embodiment the user initiating the transaction chooses an option to have the 
value placed in escrow. If this user is the payor (e.g., the party from whom value is being 
transferred), the user's account may be debited as soon as the transaction is communicated 
to the system, but instead of being credited to the specified recipient, it is held in an escrow 
25 account Illustrativeiy, the value recipient is notified that a value is being held and, 

possibly, the conditions for releaang it. The system may require that both parties agree 
befcm the funds are transferred to the recipient (»r back to the payor. The system may be 
configured, by default, to ccrnii^ete the transfer after a certain period of time if there is no 
objecticMi firom a party or, conv^sely, to cancel the transaction unless one or both parties 
30 affirm it within the q>ecified period of time. 

The following sub-sections describe methods of conducting a value exchange in 
different environments or circumstances from those described above. 
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CONDUCTING AN ONLINE VALUE EXCHANGE 

In one alternative method of conducting a value exchange^ a user connects to the 
value exchange system (e.g., the system of FIG. 1) through an Internet connection (e.g., 
from a desktop or wireless client). In this method, conunimication server 104 of the system 
5 of FIG. 1 comprises a web server hosting a web site for the system. A user wishing to 
initiate a transaction connects to communication server 104 and satisfies the necessary 
security requirements by providing a usemame^ account name or other identifier (e.g., 
electronic mail address^ telephone nimiber) and a password, hi one alternative of this 
embodiment, a cryptographic security policy may be enforced that requires the user to 
10 provide cryptographic authentication or a security token. 

The user completes an online form by providing information such as an identifier 
(e.g., electronic mail address, telephone number, social security number, account rame) of 
another party to the transaction and the value to be transferred. Also, the user may specify 
whether the value is to be transferred from him to the other party or vice versa. The uscr*s 
IS interface with the system (e.g., the web page presented to the user when he coimects or logs 
in) may be personalized to the user. In particular, identifiers of parties with ^lich the user 
has transacted in the past may be available for ready selection, in which case the user need 
not remember or enter an identifier but can, instead, pick one from a list 

If the other party is already a registered system user, the system may then proceed to 
20 conduct the value transfer. Illustratively, if the value is to flow fit>m the initiating user to 
the other party, the system may not require the approval or authorization of the oth^ party 
to finalize or close the transaction. The syst^ may simply send notification of the 
transaction (e.g., via electrtmic m^l) to the party. In contrast, if the vahie is to flow fiom 
the other party to the initiating user, the system may require the other party's approval 
25 before closure. When the value of the transaction flows from the initiating user to the other 
party, the user's account may be debited by the amount to be transferred even before the 
transaction closes (e.g., befcve the other party accepts the transaction). 

If the other party is not a registered system user, the system notifies the party of the 
pending traiksaction by using the identifier jnrovided by the initiating user. The notificaticm 
30 may thus be sent via electronic mail. Illustratively, the notification identifies the user who 
initiated the transaction, informs the other party of the amount of the transaction and 
specifies howAvhere (e.g., a web page or site) to complete the transaction. In order to 
receive the value or submit the value requested by the initiating user, the other party may 
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then connect lo the system and register. A method of registering a new user is described in 
a following section. 

Unlike an offline transaction (e.g., using a discoimectable portable computing 
deviceX when conducting a transaction online a user may be able to access accotmt 
5 information and/or close the transaction in real time. 

The method of the invention described in this sub-section is suitable for application 
with clients that can establish and maintain a real-time link with the system, whether . 
through the Internet via a wired or wireless connection, through a telephone connection 
(wired or wireless), etc. 

10 

CONDUCTING A DIRECT (CLIENT TO CLIENT) VALUE EXCHANGE 

In one alternative embodiment of the invention a method is provided in which two 
parties employ their client computing devices to conduct a value exchange. If they are 
disconnected from the system while conducting the transaction, after the transaction one or 
1 5 both of them submit the transaction to the system (e.g., via communication server 1 04 or 
synchronization server 106 of the system of FIG. 1). This method is particularly suited to 
the use of mobile computing devices and smart or web-enabled telephones that can 
communicate directly (e.g., via a wired or wireless communication medium) with another 
client. 

20 The option to conduct a ciient-to-client transaction may be just one of several 

options available to a user. For example, the system software installed on the client device 
may also enable one user to transmit the system software to another user, conduct a 
unilateral transaction (e.g., as described above in conjuncticm with FIG. 2), view his or b^ 
account balance(s) (which are updated each time the clioit is synchronized) or transaction 
25 log, use a calculator, etc. 

If the tiser elects to nuike a client-to-cUent transacticNa, the user's climt xnay 
automatically attraipt to establish contact with another client The client may be 
configured to make such cormections in a wireless oi wired mode. 

In this method each user activates his or her computing device and one of them 
30 operates the installed system software to initiate a payment to or from the other user. This 
may reqtiire the user to enter a Personal Identification Number (PIN) to activate the 
software. The other user's client may then prompt him or her to accept or reject the 
transaction, particularly if the value of the transaction is to be transferred from the other 

18 



wo 00/67177 



PCTAJS00ai732 



user to the first user. If only one user has the software installed, the software may be 
transmitted to and installed on the other user's device as part of, or as a precursor to, the 
transaction. 

Illustratively^ the account balance of the xiser giving the value (e.g., as iiKlicated in 
5 the system software) decreases when the transaction is conducted. Closing the transacticm 
may require the paying user's credit card, debit card or other method of {M-oviding value to 
the system to be charged (e.g., if his or her account balance is too low). The transaction 
may not be closed until one of the users forwards the transaction to the system (e.g., during 
a synchronization session with synchronization server 106). The client software may allow 
10 a user to make notes or comments to be saved in a transaction log with the details (e.g.^ 
value, other user's identifier) of the transaction. 

In one method of conducting a direct value exchange, the users may exchange 
digital certificates (e.g., transaction certificates) or other tokens in order to authenticate 
each other and/or demonstrate to the system that the transaction is valid and was not 
IS spoofed or faked by one of the parties. 

FIG. 4 depicts one form of a direct value exchange performed between two users 
having mobile chent devices. In FIG* 4 UserA electronically transfers the value firom her 
ClientA to UscrB's CliratB. The transaction is then submitted to a system sarver by one of 
the transaction parties, possibly during a synchronization process. The amount of the value 
20 (if UserA is authorized to transfer the fiill value) is removed fiom UserA's account and 
deposited in UserB's account. Additional fimds or value may be retrieved firom a bank, 
credit card, ACH, or other financial source associated with UserA if her account balance 
falls below a minimum level or the transfer is necessary in order to complete the requested 
exchange. Both of the users* client devices are updated with their new accbont balances. 

25 

Canceling a Value Exchange 

hi various situations a user may wish or need to revorse or cancel a value ^change. 
For example, while attempting to conduct a transaction with another party a user n^y 
provide an incorrect identifier - such as a non-existent or invalid electronic mail address or 
30 a valid electronic mail address that is associated with someone other than the desired party. 
In one embodiment of the invention a value transfer may be undone if the situation 
warrants. In particular, if it is determined that an exchange should be undone, the system 
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may cancel the value transfer, reverse it, redirect it (e.g., transfer the value to a third party) 
or nullify it in some other manner. 

If an identifier of a transaction party (e.g., electronic mail address) provided by a 
user is unusable (e.g., invalid), the user may specify whether to reverse or redirect the 
5 transfer or the system may apply a default action (e.g., return the value to the user). This 
situation may occur, for example, if an electronic mail notification of the transaction to the 
other party is undeliverable (e.g., incorrect address, party's electronic mail server is 
unavailable). 

If the party identifier is a valid identifier, but is not associated with the intended 
10 party, rectifying the situation may be more difficult. For example, if the transaction has 
already been closed and the value credited to the incorrect party, the transaction may be 
irreversible. The initiating user may, of course, contact that party and attempt to retrieve 
the value. 

If the party identifier is valid but is not associated virith the intended party and the 
1 5 transaction has not yet closed, the user may be able to retrieve the value. Some period of 
time (e.g., six months) may be established for automatically canceling or reversing 
uncleared transactions or during which the user may request cancellation of the transaction. 
For example, if a user initiates a transaction and six months later the recipient still has not 
claimed the value, the system may automatically reverse or cancel the transfer. Before that 
20 time, however, the initiating user may have to request the transaction be nulhfied. The 
system may attempt to contact the incorrect party before doing so. 



Registering a New User in One Embodiment of the Invention 

As described earlier, in one embodiment of the inventicm a user must be registered 
25 with the value exchange system before being able to initiate or close a transaction with the 
system. This section describes one method of registering a new user, during which the user 
may download or otherwise receive software configured to allow the user's client device to 
interact with the system and/or other user's clients. 

Illustratively, a new user may register with the system in many M^ys» such as 
30 through a system web site, via a web-enabled telephone, via normal voice te 
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contact, via electronic or normal mail, etc. The level of access or degree to which a user 
may employ the system after registration may, however, depend upon how the user 
registers, how much infonnation is provided during registration, how much of the 
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infonnalion is verified, etc. For example, if a user-provided telephone number, electronic 
mail address, street address, and/or other information is all verified, the user may be 
granted greater system access or be allowed to conduct transactions involving more value 
than if the information is inconect, unverifiable or not provided. 
S In one embodiment of the invention a potential new user connects to 

conmnmication (e.g., web) server 104 of the system of FIG. 1 and completes a registration 
form. Advantageously, the registration process is done in a secure mode (e.g., with SSL 
(Secure Sockets Layer)). The registration form may elicit or require personal information 
such as name, residential (e.g., street) address, telephone number(s) (e.g., daytime, 

■ • 

10 nighttime, mobile), etc. Information to be associated with the user's account is also 

requested, such as an electronic mail address, social security number, some information that 
may be used for sectnity purposes (e.g., mother's maiden name), etc. The user may also be 
prompted to enter a password to be used for the new account and/or a PIN (Personal 
Identification Number) for activating system software on the user's mobile device. 
IS Illustratively, when the user wishes to initiate or accept a transaction while using his mobile 
device, he may be required to enter the PIN before the software vnl\ function. 

The user may be required to agree to specific terms for using the system. The 
system may then attempt to verify one or more pieces of information provided by the user. 
Thus, a confirmation communication may be sent to the user's street address, electronic 
20 mail address, mobile device, etc. A confirmation communication may include a code (e.g., 
a PIN) that the user is instructed to provide to the system (e.g., web server 104) in order to 
complete or continue the registration process. 

In an embodiment of the invention in which a new user registers with the system 
using a smart or web-enabled telephone, the registration pnxress may be tailored to the 
25 device Bnd the limited display nieans of such a device. Thus, some of the registration 
information (e.g., telei4K>ne number, name) could be derived from the telefdione or the 
signal received from the telef^ne. And, the information required of the user may be 
reduced to a minimum if it must be entered through the telephone's keypad. 

Illustratively, some of the information associated with a system user may be 
30 required to be unique. For example, in an embodiment of the invention in which 

transaction participants may be identified by their electronic mail addresses, the system 
may require a one-to-one mapping between addresses and users. In another embodiment 
users may be identifiable by telephone numbers. Again, the system may allow each 
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telq>hone nuipber to be associated with only a single user, although extension numbers 
could^ perhaps, be added to difTerentiate between multiple users reachable at one number. 
One reason for this limitation is to allow a value exchange participant to identify another 
participant using a conuiion identifier that is, or may be, already known. In one alternative 
S embodiment, however, a user may be known by an account numbo- or other identifier 
generated by or for the system. In another alternative embodiment, some or all users may 
. be identified by multiple identifiers, in which case multiple users may be associated with a 
particular identifier (e.g., electronic mail address) but also have other identifiers that 
distinguish them. 

10 After a user is registered with the system, he or she may then establish an initial 

and/or default method of providing funds. For example, the user may identify a credit card, 
a bank account, a debit card or other source of value to be charged when the user transfers 
value to another person or at other times when value must be added to the user's system 
account The amount of system credit or the limit placed on the user's system activity may 

15 be determined in part or in whole by the form of value transfer the user employs, the level 
of credit or value transfer authorized by the user*s fmancial institution, the degree to which 
the user's personal or accoxmt information has been verified, etc. For example, if the user's 
street address cannot be verified (e.g., he or she does not submit the code mailed to the 
address they provided), or the address of his/her credit card does not match his/her mailing 

20 address, or the user's credit card limit is low, then he or she may be limited to a first level 
of system usage. If. however, the user's personal or financial information is verified and/or 
their credit card limit is relatively high, he or she may be allowed to transfer much more 
value through the system. In short, the level of trust, authentication, verification or security 
that the user provides to the system may affect the amount or level of system usage the user 

25 is granted. 

Until a user submits credit or debit information his or her system limit may be kept 
at zero, indicating that he or she is not authorized to transfer value to other parties. The 
user may, however, be able to receive value transfers as soon as he or she is registered. 

A user may also be able to place value in his or her system account through direct 
30. deposit, a personal check, electronic funds transfer, etc. Illustratively, however, funds 
submitted via these methods are not available for transfer until they clear. Users may 
choose multiple methods of depositing value into their accounts (and retrieving value fi^om 
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their accounts) and may be required to provide whatever information is necessary (e.g., 
bank routing or account number) to implement those methods. 

Registration may or may not be required before a user can download and install 
software configured to allow a user to make a value exchange. A software download may 
5 be part of the registration process or may, alternatively, be conducted before or. after a user 
registers. The following is a description of a software download/installation process 
according to one embodiment of the invention. 

To receive the software the user first connects his client device to an appropriate 
system server (e.g., commimicatipn server 104 or synchronization server 106 of the system 
10 of FIG* 1). The user makes a choice to download the software and may need to identify his 
or her device so that the correct software is provided. A registered user may also identify 
himself to the system, in which case the system may automatically determine (e.g., by 
communicating with the user's device or referring to account information in database 102) 
whether the user needs to update his software. 
1 5 The software that is downloaded may depend upon the user's normal or expected 

method of accessing the system. For example, if the user employs a portable device the 
downloaded software may be tailored to the particular device to allow it to conmiunicate 
and interact directly with the system. If the portable device is a disconnectable device that 
must be docked with or otherwise connected to another computer system (e.g., a desktop or 
20 workstation, herein termed a ""conduit" computer) in order to communicate with the system, 
then the downloaded software may include modules for the disconnectable device and/or 
the other computer system. 

The appropriate software is then copied to the user^s device. Other software, 
peifa^s j^Dvided by a mantifacturer or vendor of the user^s device may need to be in 
25 operatim in ordor to fiiUy install the system software. For a disconnectable portable 

computing device, a first software module is installed on Ae corxhiit computer, after which 
the device may be docked in order to install a second module on the device. The first 
module may be configured to synchronize the user's locally stored data and information 
with qw:fan>nization server 106, while the second module may be configured to conduct 
30 disconnected transactions and corrununicate them to the corKhiit computer. Thus, after a 
transaction is conducted with the client while discoimected, it is communicated to the 
conduit computer, which then synchronizes with synchronization server 106. The client 
software module may be considered a "^vallet" application. 
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. Illustratively, after new software is downloaded, and before the user can use his 
portable device to transfer value to another person, he must be authenticated to the system. 
Thus, in one embodiment of the system the user inputs his usemame (e.g., accoimt name, 
electronic mail address, or other system identifier) and password, which the conduit passes 

S to the system (e.g., synchronization server 1 06, security server 110) for verification. If the 
user is verified, a pair of cryptographic keys may be generated (e.g., by the conduit 
computer or security server 110). In the presently described embodiment the user's conduit 
computer generates the key pair and passes the public key to the system to be signed. The 
signed key may be returned in encrypted form (e.g., encrypted with the user's PIN)- 

10 Illustratively, both the private key and signed public key are then stored only on the user's 
portable device (i.e., not on the conduit). 

When a user installs new software (e.g., a new version), uncleared transactions may 
be automatically cleared (vrith synchronization server 106) or archived. If the user installs 
new software on a different device, the digital certificate on the original device may be 

15 invalidated. 



The foregoing descriptions of embodiments of the invention have been presented 
for purposes of illustration and description only. They are not intended to be exhaustive or 
to limit the invention to the forms disclosed. Accordingly, the above disclosure is not 
20 intended to limit the invention; the scope of the invention is defined by the appended 
claims. 
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What Is Claimed Is: 



1 . A method of facilitating a value exchange between multiple iisers in a 
. distributed value exchange system, the method comprising: 
5 (a) registering a first user with the value exchange system; 

(b) receiving a value exchange transaction from the fust user, wherein said 
transaction involves a second user and includes: 

(i) a pre-existing identifier of the second user, wherein the pre-existing 
identifier enables conununication with the second user independent of the value 

1 0 exchange system; and 

(ii) a value to be exchanged between the first user and the second user; 

(c) notifying the second user of said value exchange transaction; and 

(d) allocating said value between the first user and the second user. 



2. The method of claim 1 , further comprising: 
15 (c') registering the second user with the value exchange system if not already 

registered. 



3. The method of claim I , wherein said value to be exchanged between the first 
user and the second user is to be transferred from the first user to the second user. 



4. The method of claim 1 , wherein said value to be exchanged between the first 
20 user and the second user is to be transferred fix>m the second user to the first user. 



5. The method of claim 3, wherein said value to be exchanged between the first 
user and the second user is receivable by the second user as a redeemable voucher. 



6. The method of claim 5^ herein said redeemable voucher is redeemable by 
the second user by selecting an electronic link provided to the second user. 



25 7. The method of claim 5, wherein the redeemable voucher includes an 

electronic advertisement. 
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8. The method of claim 3, wherein said value to be exchanged between the first 
user and the second user is receivable by the second user through a debit card. 



9. The method of claim 3, wherein said value to be exchanged between the first 
user and the second user is receivable by the second user in the form of a web certificate^ 
5 and wherein the method fiirther comprises: 

transferring said value to be exchanged between the first user and the second user 
from the second user to a third user. 



10. The method of claim 1 , wherein said pre-existing identifier is a telephone 
nuinber. 



10 11. The method of claim I , wherein said pre-existing identifier is an electronic 

mail address. 



12. The method of claim 1 » wherein said receiving a value exchange transaction 
comprises: 

initiating a value exchange involving a second user on a mobile client device of said 
15 firstuser; 

establi^ng a cormection between the first user aiKi the value exchange system; and 
transmitting said value exchange to the system. 



13. The method of claim 1 2, wherein said initiating a value exchange 
transwnion comprises establishing a communication link between the first user's mobile 
20 computing device and a secoiKl user's mobile client device. 



14. The method of claim 1 » wherein said value exchange transaction is received 
from the first user through a mobile communication device. 



1 5. The method of claim 1 4^ wherein the molnle communication device is a 
personal digital assistant. 



25 16. The method of claim 1 4, wherein the mobile communication device is a 
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telq>hone. 

17. The method of claim 14, wherein the mobile communication device is a 
two-way pager. 

i 8. The method of claim 1 4, wherein said value exchange transaction is 
5 received from the mobile communication device through a wireless network. 

1 9. The method of claim 1 4, wherein the mobile communication device is a 
disconnectable device. 

20. The method of claim 1 , further comprising converting said value to be 
^changed between the first user and the second user from a first form to a second form. 

10 21 . The method of claim 20, wherein said first form is a first currency and said 

second form is a second currency. 

22. The method of claim 1 , wherein the form of said value to be exchanged 
between the first user and the second user depends on the pre-existing identifier. 

23. The method of claim 1 » further compri^g holding said value to be 

1 5 Gtchanged between the first user and the second user in escrow with an escrow party tmtil 
ssdd vahie exdiange transaction is comfdeted. 

24. The method of claim I , further comjxising repeating (b)» (c) and (d) for a 
second value exchange transaction between the second user and a third user. 

25. The method of claim I , wherein an a^mmetric cryptograjduc scheme is 
20 qqpUed to secure said value exchange transaction. 

26. A method of facilitating an exchange of value between multiple users 
through a distributed transaction system, comprising: 

(a) receiving an instruction from a first user to exchange a valxie with a second 
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user, wherein the first user is a registered user of the distributed transaction system and the 
instruction includes: 

(i) an identifier of a second user not registered with the distributed 
transaction system, wherein said identifier is usable to identify the second user 
independently of the distributed transaction system; and 

(ii) the value to be exchanged between the first user and the second user, 

(b) notifying the second user of said value exchange; 

(c) registering the second user with the distributed transaction system; and 

(d) transferring said value between the first user and the second user. 



27. The method of claim 26y wherein said identifier is an electronic mail 
address. 



28. The method of claim 26, wherein said identifier is a telephone number. 



29 i The method of claim 26, wherein said instniction is received through a 
mobile communication device operated by the first user. 



30. A method of facilitating a fuiancial transaction between a first user and a 
second user through a distributed financial services system^ the method comprising: 

(a) registering a first user with the distributed financial services system; 

(b) receiving a financial exchange request from a mobile communication device 
20 operated by the first user, wherein said financial transaction request includes: 

(i) a pre-^dsting identifier of a second user participating in said 
financial exchange, wherein said iro-existing identifier is configured to identify the 
second user for a purpose other than conducting a financial exchange with the 
financial services system; and 
25 (ii) an amoimt of the financial exchange; 

(c) notifying the second user of said financial exchange request; and 

(d) allocating said amount of said financial exdumgp between the first user and 
the second user. 



3 1 . The method of claim 30, wherein said pre-existing identifier is an electronic 
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s 

mail address. 

32. The method of claim 30, wherein said pre-existing identifier is a telephone 
number. 

33. The method of claim 30, further comprising: 

S (c') registering the second user with the distributed financial services system 

before allocating said amount of said financial exchange. 

34. A value exchange system for exchanging value between multiple users, 
comprising: 

a database configured to store information concerning registered users of the value 
exchange system and details of transactions conducted by the registered users; 

a synchronization server configured to receive a first value exchange transaction 
from a client device operated by a first party, wherein said first value exchange transaction 
involves a second party identified by the first party with an identifier that is capable of 
identiiying the second party independently of the value exchange system; and 

a communication server configured to receive a connection fi:om the second mict 
and register the second parQr if not already registered. 

35. The system of claim 34, further comprising a financial server configured to 
20 interact with a financial institution to access value to facilitate said first vahie exchange 

r 

transaction. 

36. The ^tem of claim 34, further comprising a security server configured to 
generate a digital identity certificate that may be used to authenticate the first party. 

37. The system of claim 36, wherein said security server is fimher configured to 
25 autboiticate a digital transaction certificate that may be used to authenticate said value 

exchange transaction. 

38. The system of claim 34, wherein said identifier is one of an electronic mail 
address and a telephone number. 
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